package com.jiangge.utils;

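public class XssFilter {

	/**
	 * Characters that are stripped by {@link #clearXss(String)} and flagged by
	 * {@link #containsXss(String)}. Every entry is a single literal character, so
	 * both methods interpret the list the same way (the previous array mixed regex
	 * syntax with literals, which left {@code <script>} and {@code |} untouched and
	 * made {@code containsXss} look for the literal text {@code \+} and
	 * {@code [\t\n\r]}).
	 *
	 * <p>This is a character denylist, not a context-aware encoder: it cannot make
	 * arbitrary input safe for every output context (HTML body, attribute, URL,
	 * JavaScript), and it will also mangle legitimate input that happens to contain
	 * these characters (e.g. {@code %} in URL-encoded text, {@code +} in arithmetic).
	 * Output encoding at the point of rendering remains necessary.
	 */
	private static final String XSS_CHARS = "<>\"'%;()&+|\t\n\r";

	/**
	 * Returns whether a character is on the denylist.
	 *
	 * @param c the character to check
	 * @return {@code true} if {@code c} appears in {@link #XSS_CHARS}
	 */
	private static boolean isDenied(char c) {
		return XSS_CHARS.indexOf(c) >= 0;
	}

	/**
	 * Removes every denied character from the input.
	 *
	 * @param sourceStr the string to filter; may be {@code null}
	 * @return a copy of {@code sourceStr} with all characters in {@link #XSS_CHARS}
	 *         removed; {@code null} if the input is {@code null}, and the input
	 *         itself if it is empty
	 */
	public static String clearXss(String sourceStr) {
		if (sourceStr == null || sourceStr.isEmpty()) {
			return sourceStr;
		}
		// Single pass over chars instead of one replaceAll per list entry: no regex
		// escaping pitfalls and the same denylist as containsXss.
		StringBuilder kept = new StringBuilder(sourceStr.length());
		for (int i = 0; i < sourceStr.length(); i++) {
			char c = sourceStr.charAt(i);
			if (!isDenied(c)) {
				kept.append(c);
			}
		}
		return kept.toString();
	}

	/**
	 * Reports whether the input contains at least one denied character, i.e.
	 * whether {@link #clearXss(String)} would change it.
	 *
	 * @param sourceStr the string to inspect; may be {@code null}
	 * @return {@code true} if any character of {@code sourceStr} is in
	 *         {@link #XSS_CHARS}; {@code false} for {@code null} or empty input
	 */
	public static boolean containsXss(String sourceStr) {
		if (sourceStr == null) {
			return false;
		}
		for (int i = 0; i < sourceStr.length(); i++) {
			if (isDenied(sourceStr.charAt(i))) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Small demonstration of the two filter methods on a fixed sample string.
	 *
	 * @param args ignored
	 */
	public static void main(String[] args) {
		// Sample input containing several denied characters.
		String sourceStr = "<><script>1111+'%";
		// Whether the sample contains anything the filter would strip.
		boolean descBoolean = XssFilter.containsXss(sourceStr);
		// The sample with all denied characters removed.
		String descStr = XssFilter.clearXss(sourceStr);
		// println rather than printf: the argument is a data string, not a format string.
		System.out.println(descBoolean + "-" + descStr);
	}

}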
